@clear-capabilities/agentic-security-scanner 0.77.0 → 0.78.0

package/src/sast/graphql.js

@@ -0,0 +1,127 @@
+// GraphQL security detector.
+//
+// Coverage:
+//   1. Query injection — string-concat/template building GraphQL queries from user input
+//   2. Depth/complexity DoS — ApolloServer/express-graphql without depth limiting
+//   3. Introspection in production — introspection enabled or not explicitly disabled
+//   4. Batching DoS — missing batch-size limits
+//   5. Field suggestions — error messages leaking field names
+
+function _line(raw, idx) {
+  return raw.slice(0, idx).split('\n').length;
+}
+
+export function scanGraphQL(fp, raw) {
+  if (!fp || !raw || typeof raw !== 'string') return [];
+  if (raw.length > 500_000) return [];
+  if (!/\.(?:js|jsx|ts|tsx|mjs|cjs|py|go|rb)$/i.test(fp)) return [];
+
+  const findings = [];
+
+  // 1. Query injection: string concat/template into GraphQL query strings
+  const queryConcat = /(?:query|mutation)\s*[:=]\s*(?:`[^`]*\$\{[^}]*\}|["'][^"']*["']\s*\+\s*\w)/g;
+  for (const m of raw.matchAll(queryConcat)) {
+    const ln = _line(raw, m.index);
+    const after = raw.slice(m.index, m.index + 300);
+    if (/\b(?:gql|graphql|\.query|\.mutate)\b/i.test(after) || /\b(?:query|mutation)\s*\{/.test(after)) {
+      findings.push({
+        id: `graphql-injection:${fp}:${ln}`,
+        file: fp, line: ln,
+        vuln: 'GraphQL Query Injection — user input concatenated into query string',
+        severity: 'high',
+        family: 'graphql-injection',
+        cwe: 'CWE-943',
+        parser: 'GRAPHQL',
+        confidence: 0.75,
+        description: 'GraphQL query is built via string concatenation or template interpolation with variables that may contain user input. An attacker can inject additional fields, aliases, or mutations.',
+        remediation: 'Use parameterized GraphQL queries with variables: `query GetUser($id: ID!) { user(id: $id) { name } }` and pass variables separately.',
+      });
+    }
+  }
+
+  // 2. Depth/complexity DoS: ApolloServer/createYoga/express-graphql without depth limit
+  if (/\b(?:ApolloServer|createYoga|graphqlHTTP|makeExecutableSchema)\b/.test(raw)) {
+    if (!/\b(?:depthLimit|graphql-depth-limit|graphql-validation-complexity|costAnalysis|maxDepth|queryDepthLimit)\b/.test(raw)) {
+      const m = raw.match(/\b(ApolloServer|createYoga|graphqlHTTP)\b/);
+      if (m) {
+        findings.push({
+          id: `graphql-depth-dos:${fp}:${_line(raw, m.index)}`,
+          file: fp, line: _line(raw, m.index),
+          vuln: 'GraphQL Depth/Complexity DoS — no depth limiting configured',
+          severity: 'medium',
+          family: 'graphql-dos',
+          cwe: 'CWE-400',
+          parser: 'GRAPHQL',
+          confidence: 0.70,
+          description: 'GraphQL server is configured without query depth or complexity limits. An attacker can send deeply nested queries that exhaust server resources.',
+          remediation: 'Add graphql-depth-limit or graphql-query-complexity to validationRules: new ApolloServer({ validationRules: [depthLimit(10)] }).',
+        });
+      }
+    }
+  }
+
+  // 3. Introspection in production
+  if (/\bintrospection\s*:\s*true\b/.test(raw)) {
+    const m = raw.match(/\bintrospection\s*:\s*true\b/);
+    if (m) {
+      findings.push({
+        id: `graphql-introspection:${fp}:${_line(raw, m.index)}`,
+        file: fp, line: _line(raw, m.index),
+        vuln: 'GraphQL Introspection Enabled — schema exposed to clients',
+        severity: 'medium',
+        family: 'graphql-introspection',
+        cwe: 'CWE-200',
+        parser: 'GRAPHQL',
+        confidence: 0.80,
+        description: 'Introspection is explicitly enabled. Attackers can query __schema to discover all types, fields, and mutations — accelerating further attacks.',
+        remediation: 'Disable introspection in production: new ApolloServer({ introspection: process.env.NODE_ENV !== "production" }).',
+      });
+    }
+  }
+
+  // 4. Batching DoS: missing batch limits
+  if (/\b(?:ApolloServer|ApolloGateway)\b/.test(raw)) {
+    if (!/\b(?:allowBatchedHttpRequests\s*:\s*false|maxBatchSize|batching\s*:\s*false)\b/.test(raw)) {
+      const m = raw.match(/\b(ApolloServer|ApolloGateway)\b/);
+      if (m) {
+        const after = raw.slice(m.index, m.index + 500);
+        if (/allowBatchedHttpRequests\s*:\s*true/.test(after) && !/maxBatchSize/.test(after)) {
+          findings.push({
+            id: `graphql-batch-dos:${fp}:${_line(raw, m.index)}`,
+            file: fp, line: _line(raw, m.index),
+            vuln: 'GraphQL Batch DoS — batching enabled without size limit',
+            severity: 'medium',
+            family: 'graphql-dos',
+            cwe: 'CWE-400',
+            parser: 'GRAPHQL',
+            confidence: 0.65,
+            description: 'Batched HTTP requests are enabled without a maxBatchSize limit. Attackers can send thousands of operations in a single HTTP request.',
+            remediation: 'Set allowBatchedHttpRequests: false, or add maxBatchSize: 10 to limit batch size.',
+          });
+        }
+      }
+    }
+  }
+
+  // 5. Field suggestions leaking schema info
+  if (/\b(?:includeStacktraceInErrorResponses|formatError|debug\s*:\s*true)\b/.test(raw)) {
+    if (/\b(?:ApolloServer|graphqlHTTP)\b/.test(raw)) {
+      for (const m of raw.matchAll(/\bdebug\s*:\s*true\b/g)) {
+        findings.push({
+          id: `graphql-debug:${fp}:${_line(raw, m.index)}`,
+          file: fp, line: _line(raw, m.index),
+          vuln: 'GraphQL Debug Mode — error details exposed to clients',
+          severity: 'low',
+          family: 'graphql-introspection',
+          cwe: 'CWE-209',
+          parser: 'GRAPHQL',
+          confidence: 0.70,
+          description: 'Debug mode exposes stack traces and field suggestion in error responses, leaking internal schema structure.',
+          remediation: 'Set debug: false or includeStacktraceInErrorResponses: false in production.',
+        });
+      }
+    }
+  }
+
+  return findings;
+}

package/src/sast/llm-stored-prompt.js

@@ -101,3 +101,60 @@ export function scanStoredPromptInjection(fp, raw) {
   }
   return findings;
 }
+
+const ORM_READ_RE = /\b(?:findOne|findUnique|findFirst|findById|findByPk|get_object_or_404|objects\.get|objects\.filter|\.query\s*\()\b/;
+
+export function scanStoredPromptInjectionCrossFile(fileContents) {
+  if (!fileContents || typeof fileContents !== 'object') return [];
+  const llmSinks = [];
+  const ormReads = [];
+  for (const [fp, raw] of Object.entries(fileContents)) {
+    if (!raw || typeof raw !== 'string' || raw.length > 500_000) continue;
+    const lang = _lang(fp);
+    if (!lang) continue;
+    for (const [plang, pat, label] of LLM_CALL_PATTERNS) {
+      if (plang !== lang) continue;
+      const re = new RegExp(pat.source, pat.flags);
+      let m;
+      while ((m = re.exec(raw))) {
+        const varName = (m[1] || '').split('.')[0];
+        if (varName) llmSinks.push({ file: fp, line: _lineOf(raw, m.index), varName, label });
+      }
+    }
+    if (ORM_READ_RE.test(raw)) {
+      const lines = raw.split('\n');
+      for (let i = 0; i < lines.length; i++) {
+        if (ORM_READ_RE.test(lines[i])) {
+          const assignMatch = lines[i].match(/(\w+)\s*=\s*/);
+          if (assignMatch) ormReads.push({ file: fp, line: i + 1, varName: assignMatch[1] });
+        }
+      }
+    }
+  }
+  const findings = [];
+  const seen = new Set();
+  for (const sink of llmSinks) {
+    for (const read of ormReads) {
+      if (sink.file === read.file) continue;
+      if (sink.varName !== read.varName) continue;
+      const id = `llm-stored-prompt-xfile:${read.file}:${read.line}->${sink.file}:${sink.line}`;
+      if (seen.has(id)) continue;
+      seen.add(id);
+      findings.push({
+        id,
+        file: sink.file, line: sink.line,
+        vuln: `LLM Stored-Prompt Injection — cross-file ORM→LLM (${sink.label})`,
+        severity: 'high',
+        cwe: 'CWE-1336',
+        family: 'llm-prompt-injection',
+        parser: 'LLM-STORED-PROMPT-XFILE',
+        confidence: 0.55,
+        description: `Variable "${sink.varName}" loaded from ORM at ${read.file}:${read.line} is used as LLM system prompt at ${sink.file}:${sink.line}. An attacker who can modify the DB record can inject instructions.`,
+        remediation: 'Validate stored prompts against a schema or signing key. Wrap DB-loaded text in delimiters and a role-isolation frame.',
+        source: { file: read.file, line: read.line, label: `ORM read → ${read.varName}` },
+        sink: { file: sink.file, line: sink.line, label: `LLM ${sink.label}` },
+      });
+    }
+  }
+  return findings;
+}

package/src/sast/mutation-xss.js

@@ -83,5 +83,48 @@ export function scanMutationXSS(fp, raw) {
     });
   }
 
+  // Email template XSS: user data rendered into HTML email body
+  const emailSinkRe = /\b(?:sendMail|transporter\.sendMail|sg\.send|ses\.sendEmail|mailgun\.messages\.create|send_email|mail\.send)\s*\(/g;
+  for (const em of code.matchAll(emailSinkRe)) {
+    const after = code.slice(em.index, em.index + 500);
+    if (!/\bhtml\s*:/i.test(after)) continue;
+    const taintHint = /(?:req\.|request\.|params|body|query|user\.\w+|data\.\w+)/.test(after);
+    const templateHint = /(?:ejs\.render|pug\.render|mustache\.render|handlebars\.compile|marked\.parse|render_template|Jinja2|\.render\s*\()/.test(after);
+    if (!taintHint && !templateHint) continue;
+    const line = lineOf(raw, em.index);
+    push({
+      id: `email-template-xss:${fp}:${line}`,
+      file: fp, line,
+      vuln: 'Email Template XSS — user data rendered into HTML email body',
+      severity: 'high',
+      cwe: 'CWE-79',
+      family: 'email-template-xss',
+      stride: 'Tampering',
+      snippet: (raw.split('\n')[line - 1] || '').trim().slice(0, 200),
+      remediation: 'HTML-escape user-supplied data before inserting into email templates. Use the template engine\'s auto-escape mode. Consider rendering text-only emails for user-generated content.',
+      parser: 'EMAIL-XSS',
+      confidence: 0.65,
+    });
+  }
+
+  // Markdown → HTML → innerHTML chain
+  const markdownHtmlRe = /\bmarked\.parse\s*\([^)]*(?:req\.|request\.|params|body|query|user)/g;
+  for (const mm of code.matchAll(markdownHtmlRe)) {
+    const line = lineOf(raw, mm.index);
+    push({
+      id: `markdown-xss:${fp}:${line}`,
+      file: fp, line,
+      vuln: 'Markdown→HTML XSS — user-supplied Markdown rendered to HTML without sanitization',
+      severity: 'high',
+      cwe: 'CWE-79',
+      family: 'xss',
+      stride: 'Tampering',
+      snippet: (raw.split('\n')[line - 1] || '').trim().slice(0, 200),
+      remediation: 'Pipe marked output through DOMPurify: `const html = DOMPurify.sanitize(marked.parse(userInput))`. Or use marked with `sanitize: true` option.',
+      parser: 'MARKDOWN-XSS',
+      confidence: 0.70,
+    });
+  }
+
   return findings;
 }

package/src/sast/nosql-injection.js

@@ -18,6 +18,9 @@ const DYNAMO_EXPR_CONCAT_RE = /(?:FilterExpression|ConditionExpression|KeyCondit
 
 const PY_MONGO_FIND_REQ = /\.\s*(?:find|find_one|update_one|update_many|delete_one|delete_many)\s*\(\s*request\s*\.\s*(?:json|data|args|form)/g;
 
+const MONGO_AGGREGATE_RE = /\.\s*aggregate\s*\(\s*\[[\s\S]{0,300}?\{\s*\$(?:match|expr|where|function|redact|lookup)\s*:[\s\S]{0,200}?(?:req|request|params|query|body|input)\b/g;
+const MONGO_MAPREDUCE_RE = /\.\s*mapReduce\s*\([\s\S]{0,300}?(?:req|request|params|query|body|input)\b/g;
+
 function lineOf(raw, idx) { return raw.substring(0, idx).split('\n').length; }
 
 export function scanNoSQLInjection(fp, raw) {
@@ -33,6 +36,8 @@ export function scanNoSQLInjection(fp, raw) {
       [MONGO_WHERE_RE, 'mongo-where', 'NoSQL Injection: MongoDB $where with user-controlled string', 0.90],
       [MONGO_FIND_REQ_OBJ_RE, 'mongo-find', 'NoSQL Injection: MongoDB query with raw request object (operator injection)', 0.80],
       [DYNAMO_EXPR_CONCAT_RE, 'dynamo-expr', 'NoSQL Injection: DynamoDB Expression built via string concatenation', 0.85],
+      [MONGO_AGGREGATE_RE, 'mongo-aggregate', 'NoSQL Injection: MongoDB aggregate pipeline with user-controlled stage', 0.80],
+      [MONGO_MAPREDUCE_RE, 'mongo-mapreduce', 'NoSQL Injection: MongoDB mapReduce with user-controlled function', 0.85],
     ]) {
       const r = new RegExp(re.source, re.flags);
       while ((m = r.exec(code))) {

package/src/sast/null-byte-injection.js

@@ -0,0 +1,76 @@
+// Null-byte and path normalization injection detector.
+//
+// Detects patterns where file extension checks can be bypassed via
+// null-byte truncation (%00, \0) or missing path normalization before
+// filesystem operations.
+
+function _line(raw, idx) { return raw.slice(0, idx).split('\n').length; }
+
+const EXT_CHECK_RE = /\.(?:endsWith|match|test|includes)\s*\(\s*['"]\.(?:jpg|jpeg|png|gif|pdf|doc|docx|csv|txt|zip|svg|webp|mp4)/gi;
+const SPLITEXT_RE = /(?:path\.extname|os\.path\.splitext|filepath\.Ext|pathinfo)\s*\(/g;
+
+const FS_SINK_RE = /(?:fs\.readFile|fs\.readFileSync|fs\.createReadStream|fs\.writeFile|fs\.writeFileSync|open\s*\(|os\.open|sendFile|send_file|send_from_directory|filepath\.Join|os\.path\.join|path\.join)\s*\(/g;
+
+const NORMALIZATION_RE = /(?:path\.normalize|path\.resolve|os\.path\.abspath|os\.path\.realpath|filepath\.Clean|filepath\.Abs|realpath|basename)\s*\(/;
+const NULL_STRIP_RE = /(?:replace\s*\(\s*\/\\0\/|replace\s*\(\s*['"]\\0['"]|\.replace\s*\(\s*\/\\x00\/|\.replace\s*\(\s*['"]%00['"])/;
+
+export function scanNullByteInjection(fp, raw) {
+  if (!fp || !raw || typeof raw !== 'string') return [];
+  if (raw.length > 500_000) return [];
+  if (!/\.(?:js|jsx|ts|tsx|mjs|cjs|py|go|rb|php|phtml)$/i.test(fp)) return [];
+
+  const findings = [];
+  const seen = new Set();
+
+  // Pattern: extension check without null-byte stripping before FS operation
+  for (const extMatch of raw.matchAll(EXT_CHECK_RE)) {
+    const checkLine = _line(raw, extMatch.index);
+    // Look ahead for FS operation within 15 lines
+    const after = raw.slice(extMatch.index, extMatch.index + 1000);
+    if (!FS_SINK_RE.test(after)) continue;
+    // Check if normalization or null-byte stripping exists between check and sink
+    const between = after.slice(0, after.search(FS_SINK_RE));
+    if (NORMALIZATION_RE.test(between) || NULL_STRIP_RE.test(between)) continue;
+    const id = `null-byte:${fp}:${checkLine}`;
+    if (seen.has(id)) continue;
+    seen.add(id);
+    findings.push({
+      id,
+      file: fp, line: checkLine,
+      vuln: 'Null-Byte Injection Risk — extension check without path normalization before FS operation',
+      severity: 'medium',
+      family: 'path-normalization',
+      cwe: 'CWE-158',
+      parser: 'NULL-BYTE',
+      confidence: 0.60,
+      description: 'A file extension check is performed, then the path is passed to a filesystem operation without normalization or null-byte stripping. An attacker can bypass the extension check with a null byte: "malicious.php%00.jpg" passes the .jpg check but the filesystem may truncate at the null byte.',
+      remediation: 'Always normalize paths before extension checks: path.resolve(uploadsDir, path.basename(filename)). Strip null bytes: filename.replace(/\\0/g, ""). Validate the resolved path is within the expected directory.',
+    });
+  }
+
+  // Pattern: splitext/extname without null-byte stripping
+  for (const splitMatch of raw.matchAll(SPLITEXT_RE)) {
+    const line = _line(raw, splitMatch.index);
+    const context = raw.slice(Math.max(0, splitMatch.index - 200), splitMatch.index + 200);
+    if (NULL_STRIP_RE.test(context) || NORMALIZATION_RE.test(context)) continue;
+    // Only fire if user input is nearby
+    if (!/(?:req\.|request\.|params|query|body|upload|file|filename|user_input|\$_FILES|\$_GET)/i.test(context)) continue;
+    const id = `path-norm:${fp}:${line}`;
+    if (seen.has(id)) continue;
+    seen.add(id);
+    findings.push({
+      id,
+      file: fp, line,
+      vuln: 'Path Normalization Gap — extension extraction without null-byte/traversal sanitization',
+      severity: 'medium',
+      family: 'path-normalization',
+      cwe: 'CWE-176',
+      parser: 'NULL-BYTE',
+      confidence: 0.55,
+      description: 'Path extension is extracted from user-supplied input without prior normalization. Unicode normalization attacks or null-byte truncation can bypass the extension check.',
+      remediation: 'Normalize the path first: const safeName = path.basename(userInput).replace(/\\0/g, ""); then check the extension.',
+    });
+  }
+
+  return findings;
+}

package/src/sast/redos-nfa.js

@@ -0,0 +1,338 @@
+// ReDoS NFA analyzer — detects catastrophic backtracking in regex patterns.
+//
+// Builds a simplified NFA from a regex body string and detects superlinear
+// ambiguity: two distinct paths through a quantifier cycle that accept the
+// same character. This is the core condition for exponential backtracking.
+//
+// Scope: character classes, alternation, quantifiers (+*?{n,m}), groups,
+// escapes, anchors. Unknown constructs → treated as safe (opaque atom).
+// Body-length cap: 500 chars → skip (too complex for static analysis).
+//
+// Also exports extractors for Python re.compile() and Java Pattern.compile().
+
+const MAX_BODY_LEN = 500;
+
+// ── Regex parser ────────────────────────────────────────────────────────────
+
+function parseRegex(body) {
+  let pos = 0;
+  const src = body;
+
+  function peek() { return pos < src.length ? src[pos] : null; }
+  function advance() { return src[pos++]; }
+
+  function parseAlternation() {
+    const branches = [parseConcat()];
+    while (peek() === '|') {
+      advance();
+      branches.push(parseConcat());
+    }
+    return branches.length === 1 ? branches[0] : { type: 'alt', branches };
+  }
+
+  function parseConcat() {
+    const items = [];
+    while (pos < src.length && peek() !== ')' && peek() !== '|') {
+      items.push(parseQuantified());
+    }
+    return items.length === 1 ? items[0] : { type: 'concat', items };
+  }
+
+  function parseQuantified() {
+    let atom = parseAtom();
+    if (!atom) return { type: 'literal', ch: '' };
+    while (pos < src.length) {
+      const c = peek();
+      if (c === '*') { advance(); atom = { type: 'star', child: atom }; }
+      else if (c === '+') { advance(); atom = { type: 'plus', child: atom }; }
+      else if (c === '?') { advance(); atom = { type: 'opt', child: atom }; }
+      else if (c === '{') {
+        const saved = pos;
+        advance();
+        let numStr = '';
+        while (pos < src.length && /[\d,]/.test(peek())) numStr += advance();
+        if (peek() === '}') {
+          advance();
+          const parts = numStr.split(',');
+          const max = parts.length > 1 ? (parts[1] ? parseInt(parts[1]) : Infinity) : parseInt(parts[0]);
+          if (max > 1 || max === Infinity) {
+            atom = { type: 'star', child: atom };
+          }
+        } else {
+          pos = saved;
+          break;
+        }
+      } else break;
+      if (peek() === '?') advance(); // lazy modifier
+    }
+    return atom;
+  }
+
+  function parseAtom() {
+    const c = peek();
+    if (c === null || c === ')' || c === '|') return null;
+    if (c === '(') {
+      advance();
+      if (peek() === '?') {
+        advance();
+        // Non-capturing group or lookahead — skip modifier chars
+        while (pos < src.length && peek() !== ':' && peek() !== ')' && /[imsx<!=P]/.test(peek())) advance();
+        if (peek() === ':' || peek() === ')') {
+          if (peek() === ':') advance();
+          if (peek() === ')') { advance(); return { type: 'literal', ch: '' }; }
+        }
+      }
+      const inner = parseAlternation();
+      if (peek() === ')') advance();
+      return { type: 'group', child: inner };
+    }
+    if (c === '[') return parseCharClass();
+    if (c === '\\') {
+      advance();
+      const esc = advance();
+      if (!esc) return { type: 'literal', ch: '\\' };
+      if (esc === 'd') return { type: 'class', chars: '0123456789' };
+      if (esc === 'w') return { type: 'class', chars: 'azAZ09_' };
+      if (esc === 's') return { type: 'class', chars: ' \t\n\r' };
+      if (esc === 'D' || esc === 'W' || esc === 'S') return { type: 'class', chars: 'ANY' };
+      if (esc === 'b' || esc === 'B') return { type: 'literal', ch: '' }; // anchor
+      return { type: 'literal', ch: esc };
+    }
+    if (c === '.') { advance(); return { type: 'class', chars: 'ANY' }; }
+    if (c === '^' || c === '$') { advance(); return { type: 'literal', ch: '' }; }
+    advance();
+    return { type: 'literal', ch: c };
+  }
+
+  function parseCharClass() {
+    advance(); // [
+    let chars = '';
+    let negated = false;
+    if (peek() === '^') { negated = true; advance(); }
+    if (peek() === ']') { chars += advance(); }
+    while (pos < src.length && peek() !== ']') {
+      if (peek() === '\\') {
+        advance();
+        const esc = advance();
+        if (esc === 'd') chars += '0123456789';
+        else if (esc === 'w') chars += 'azAZ09_';
+        else if (esc === 's') chars += ' \t\n\r';
+        else chars += (esc || '');
+      } else {
+        chars += advance();
+      }
+    }
+    if (peek() === ']') advance();
+    return { type: 'class', chars: negated ? 'ANY' : chars };
+  }
+
+  try {
+    const tree = parseAlternation();
+    return { ok: true, tree };
+  } catch {
+    return { ok: false, tree: null };
+  }
+}
+
+// ── Ambiguity detection ─────────────────────────────────────────────────────
+
+function classOverlaps(a, b) {
+  if (a === 'ANY' || b === 'ANY') return true;
+  for (const ch of a) {
+    if (b.includes(ch)) return true;
+  }
+  return false;
+}
+
+function collectFirstChars(node) {
+  if (!node) return [];
+  switch (node.type) {
+    case 'literal':
+      return node.ch ? [node.ch] : [];
+    case 'class':
+      return [node.chars];
+    case 'group':
+      return collectFirstChars(node.child);
+    case 'concat':
+      for (const item of (node.items || [])) {
+        const fc = collectFirstChars(item);
+        if (fc.length) return fc;
+        if (!canBeEmpty(item)) return fc;
+      }
+      return [];
+    case 'alt':
+      return (node.branches || []).flatMap(collectFirstChars);
+    case 'star':
+    case 'plus':
+    case 'opt':
+      return collectFirstChars(node.child);
+    default:
+      return [];
+  }
+}
+
+function canBeEmpty(node) {
+  if (!node) return true;
+  switch (node.type) {
+    case 'literal': return !node.ch;
+    case 'class': return false;
+    case 'group': return canBeEmpty(node.child);
+    case 'concat': return (node.items || []).every(canBeEmpty);
+    case 'alt': return (node.branches || []).some(canBeEmpty);
+    case 'star': case 'opt': return true;
+    case 'plus': return canBeEmpty(node.child);
+    default: return false;
+  }
+}
+
+function detectSuperlinear(tree) {
+  if (!tree) return { unsafe: false };
+  const reasons = [];
+  _walk(tree, reasons, 0);
+  return reasons.length ? { unsafe: true, reason: reasons[0] } : { unsafe: false };
+}
+
+function _walk(node, reasons, quantifierDepth) {
+  if (!node || reasons.length) return;
+  switch (node.type) {
+    case 'star':
+    case 'plus': {
+      if (quantifierDepth > 0) {
+        reasons.push('nested quantifier');
+        return;
+      }
+      _walk(node.child, reasons, quantifierDepth + 1);
+      // Unwrap group to check inner structure
+      const inner = node.child && node.child.type === 'group' ? node.child.child : node.child;
+      if (inner && inner.type === 'alt') {
+        const branches = inner.branches || [];
+        for (let i = 0; i < branches.length; i++) {
+          const fc_i = collectFirstChars(branches[i]);
+          for (let j = i + 1; j < branches.length; j++) {
+            const fc_j = collectFirstChars(branches[j]);
+            for (const a of fc_i) {
+              for (const b of fc_j) {
+                if (classOverlaps(a, b)) {
+                  reasons.push('alternation ambiguity under quantifier');
+                  return;
+                }
+              }
+            }
+          }
+        }
+      }
+      if (inner && inner.type === 'concat') {
+        const items = inner.items || [];
+        if (items.length >= 2) {
+          const first = collectFirstChars(items[0]);
+          for (let k = 1; k < items.length; k++) {
+            // Check if all items before k can be empty (nullable prefix)
+            const prefixNullable = items.slice(0, k).every(canBeEmpty);
+            const prevNullable = canBeEmpty(items[k - 1]) || items[k - 1].type === 'star' || items[k - 1].type === 'opt';
+            if (prevNullable || prefixNullable) {
+              const fc_k = collectFirstChars(items[k]);
+              for (const a of first) {
+                for (const b of fc_k) {
+                  if (classOverlaps(a, b)) {
+                    reasons.push('overlapping nullable prefix in quantifier');
+                    return;
+                  }
+                }
+              }
+            }
+          }
+        }
+      }
+      break;
+    }
+    case 'opt':
+      _walk(node.child, reasons, quantifierDepth);
+      break;
+    case 'group':
+      _walk(node.child, reasons, quantifierDepth);
+      break;
+    case 'concat':
+      for (const item of (node.items || [])) _walk(item, reasons, quantifierDepth);
+      break;
+    case 'alt':
+      for (const b of (node.branches || [])) _walk(b, reasons, quantifierDepth);
+      break;
+    default:
+      break;
+  }
+}
+
+// ── Public API ──────────────────────────────────────────────────────────────
+
+export function isUnsafeRegex(body) {
+  if (!body || typeof body !== 'string') return { unsafe: false };
+  if (body.length > MAX_BODY_LEN) return { unsafe: false };
+  if (!/[*+{]/.test(body)) return { unsafe: false };
+  const parsed = parseRegex(body);
+  if (!parsed.ok) return { unsafe: false };
+  return detectSuperlinear(parsed.tree);
+}
+
+export function extractJsRegexBodies(code) {
+  const out = [];
+  // Regex literals: /pattern/flags
+  for (const m of code.matchAll(/\/([^/\n]+)\/[gimsuy]*/g)) {
+    out.push({ body: m[1], line: code.slice(0, m.index).split('\n').length });
+  }
+  // new RegExp("pattern")
+  for (const m of code.matchAll(/new\s+RegExp\s*\(\s*['"]([^'"]+)['"]/g)) {
+    out.push({ body: m[1], line: code.slice(0, m.index).split('\n').length });
+  }
+  return out;
+}
+
+export function extractPyRegexBodies(code) {
+  const out = [];
+  for (const m of code.matchAll(/\bre\.(?:compile|match|search|sub|findall|fullmatch)\s*\(\s*r?['"]((?:\\.|[^'"\n])+)['"]/g)) {
+    out.push({ body: m[1], line: code.slice(0, m.index).split('\n').length });
+  }
+  return out;
+}
+
+export function extractJavaRegexBodies(code) {
+  const out = [];
+  for (const m of code.matchAll(/\bPattern\.compile\s*\(\s*"((?:\\.|[^"\n])+)"/g)) {
+    out.push({ body: m[1].replace(/\\\\/g, '\\'), line: code.slice(0, m.index).split('\n').length });
+  }
+  for (const m of code.matchAll(/\.matches\s*\(\s*"((?:\\.|[^"\n])+)"/g)) {
+    out.push({ body: m[1].replace(/\\\\/g, '\\'), line: code.slice(0, m.index).split('\n').length });
+  }
+  return out;
+}
+
+export function scanRegexReDoS(file, raw) {
+  if (!file || !raw || typeof raw !== 'string') return [];
+  if (raw.length > 500_000) return [];
+  const findings = [];
+  let bodies = [];
+  if (/\.(?:js|jsx|ts|tsx|mjs|cjs)$/i.test(file)) bodies = extractJsRegexBodies(raw);
+  else if (/\.py$/i.test(file)) bodies = extractPyRegexBodies(raw);
+  else if (/\.java$/i.test(file)) bodies = extractJavaRegexBodies(raw);
+  else return [];
+
+  for (const { body, line } of bodies) {
+    const result = isUnsafeRegex(body);
+    if (result.unsafe) {
+      findings.push({
+        id: `redos-nfa:${file}:${line}`,
+        file,
+        line,
+        vuln: 'ReDoS — Catastrophic Backtracking (NFA analysis)',
+        severity: 'high',
+        family: 'redos',
+        cwe: 'CWE-1333',
+        parser: 'NFA',
+        confidence: 0.85,
+        description: `Regex pattern has ${result.reason}. A crafted input can cause exponential backtracking, consuming 100% CPU.`,
+        remediation: 'Rewrite the regex to avoid nested quantifiers and overlapping alternation. Consider using the re2 library for guaranteed linear-time matching.',
+        snippet: `/${body.slice(0, 60)}${body.length > 60 ? '...' : ''}/`,
+      });
+    }
+  }
+  return findings;
+}